Using Wireshark with MS/TP

Using Wireshark for MS/TP

Problems are sometimes not obvious and you will want to see what is actually going out over the network. Most people are already with using Wireshark to capture network traffic on Ethernet, but you can also use Wireshark to analyze data captured on MS/TP. The capture is not live like it is for Ethernet, but analysis with Wireshark can be very helpful.

Control Solutions has created an MS/TP data capture utility that works in conjunction with the MTX002 MS/TP to USB adapter. This is not a generic RS-485 adapter. The MTX002 is an intelligent device that is itself an MS/TP device. A special driver has been included in the data capture utility to recognize MS/TP packets sent via USB by the MTX002.

Start by downloading and installing the USB driver for the MTX002. Do not plug in the MTX002 until you have installed the correct USB driver. The driver installation package is found on the product page for the MTX002 at csimn.com.

Download the MS/TP packet capture utiility from the Tool Links page at csimn.com. To run the capture utility, start by putting the MTX002 in pass-through mode. Refer to your PC's device manager to see where the MTX002 was installed, and refer to that COM port in the passthru command. Select the baud rate that matches your network.

Now run mstpcap referring to the COM port that the MTX002 is on. Type Ctrl-C to stop capture.

When capture is stopped, you will get the capture summary that looks something like the illustration below. Note the file name that starts with "mstp_" and ends with .cap. Find this file and double click it (assuming you have Wireshark installed on your PC).

Double clicking the .cap file created will automatically open it in Wireshark and display packets as illustrated below.

If mstpcap says it saved a file but you cannot find it, check to see that mstpcap.exe is not blocked. It will appear to run but not be allowed to save a file on your PC if blocked. Click Unblock if necessary.